Azure Infrastructure Engineer

About The Position

Requirements

• Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future. Northern Trust will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa)
• 5+ years in cloud infrastructure or SRE with Azure (networking, compute, storage, identity, security).
• Hands-on with ACA (Azure Container Apps), App Services, Functions, Private Endpoints/Private Link, Key Vault, App Config, SQL Server.
• Strong Java ecosystem familiarity: JVM tuning, Spring Boot microservices, packaging, containerization, and deployment to ACA/App Services; serverless batch patterns via Functions time triggers.
• IaC (Terraform/Bicep), GitHub Actions/Azure DevOps, and GitOps workflows.
• Security fundamentals: RBAC, Entra ID, MFA, secrets management, and compliance controls.

Nice To Haves

• Experience with messaging and data platforms (Event Hubs, Service Bus, Kafka/Confluent) and analytics (SQL Server).
• Observability tooling (Prometheus/Grafana), performance testing, and cost optimization.
• Certifications: AZ-104, AZ-305, AZ-400.

Responsibilities

• Design and implement Azure landing zones and subscriptions with RBAC, Entra ID integration, MFA, and compliant tagging/naming standards; automate guardrails using policy and role assignments.
• Build secure virtual networks, subnets, route tables, NSGs, and Private Endpoints/Private Link to isolate services and eliminate public exposure.
• Provision and manage compute/services: ACA (Azure Container Apps), Azure App Services, Functions, VMs, App Config, Key Vault, and SQL Server; define transition patterns for on-prem to Azure.
• Partner with Java teams to containerize services, tune JVM (GC, memory), and deploy to ACA/App Services; standardize CI/CD pipelines and rollouts (blue/green, canary).
• Implement serverless schedules for Java workloads using Azure Functions (including time triggers) to simplify batch job orchestration.
• Enforce secrets management with Key Vault, least-privilege access, and identity-based controls; integrate with enterprise RBAC/Entra ID groups.
• Support data security patterns for analytics platforms (e.g., SQL Server) including workspace isolation, encryption at rest (SSE/CMK), and backup practices.
• Establish SLOs/SLIs, dashboards, and alerting via Azure Monitor/Log Analytics; implement autoscaling and cost controls.
• Drive incident response, root-cause analysis, and post-mortems; implement resilience patterns (health probes, retry/backoff, circuit breaking).
• Automate infrastructure with Terraform/Bicep, GitOps, and pipelines; maintain environment parity across dev/test/prod.
• Contribute design docs and runbooks; socialize standards for naming, tagging, and environment isolation; review app designs for cloud fit and security compliance.

Benefits

• retirement benefits (401k and pension)
• health and welfare benefits (medical, dental, vision, spending accounts and disability)
• paid time off
• parental and caregiver leave
• life & accident insurance
• other voluntary and well-being benefits
• discretionary bonus program that may include an equity component